Esempio n. 1
0
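/**
 * Saves a section from HTTP POST data.
 *
 * Reads the section fields via psa(), derives a URL-safe section name and a
 * Textile-processed title, then updates txp_section and repoints the
 * articles' Section column when the section was renamed. The 'default'
 * section only has its page and css updated. Ends by redrawing the section
 * list with an "updated" message.
 *
 * All request values are passed through doSlash() before being interpolated
 * into the SQL fragments handed to safe_update(). The four yes/no flags are
 * additionally cast to int so that only 0/1 reaches the integer columns,
 * regardless of what string arrived in the request.
 */
function section_save()
{
    global $txpcfg;

    $in = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($in));

    if (empty($title)) {
        $title = $name;
    }

    // Prevent non url chars on section names.
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    $title = $textile->TextileThis($title, 1);
    $name = dumbDown($textile->TextileThis($name, 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));

    // Flags feed integer columns: coerce to 0/1 instead of storing the raw
    // request string.
    $is_default   = (int) $is_default;
    $on_frontpage = (int) $on_frontpage;
    $in_rss       = (int) $in_rss;
    $searchable   = (int) $searchable;

    if ($name == 'default') {
        safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
    } else {
        if ($is_default) {
            // Note this means 'selected by default', not 'default page'.
            safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
        }

        safe_update("txp_section", "name = '{$name}', title = '{$title}', page = '{$page}', css = '{$css}', is_default = '{$is_default}', on_frontpage = '{$on_frontpage}', in_rss = '{$in_rss}', searchable = '{$searchable}'", "name = '{$old_name}'");
        // Keep the articles attached to the (possibly renamed) section.
        safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    }

    sec_section_list(messenger('section', $name, 'updated'));
}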
Esempio n. 2
0
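/**
 * Runs an import from another blogging tool and renders the result page.
 *
 * Expects the import form fields (the names listed in the global $vars) in
 * POST. The importer for $import_tool is loaded from
 * include/import/import_<tool>.php, so the tool name is checked against the
 * set of importers handled by the switch below before it is used to build
 * the include path; an unknown tool loads nothing and produces empty output.
 * After the import the per-article comment counts are recomputed from
 * txp_discuss.
 *
 * Side effects: raises max_execution_time (best effort, errors suppressed),
 * echoes the result page and updates textpattern.comments_count.
 */
function start_import()
{
    global $event, $vars;

    extract(psa($vars));

    $insert_into_section = $Section;
    $insert_with_status = $type;
    $default_comment_invite = $comments_invite;

    // Only the importers handled below may be included; anything else would
    // let the request pick an arbitrary file name for include_once.
    $known_tools = array('mtdb', 'mt', 'b2', 'wp', 'blogger');

    if (in_array($import_tool, $known_tools, true)) {
        include_once txpath . '/include/import/import_' . $import_tool . '.php';
    } else {
        $import_tool = '';
    }

    // Imports can be slow; extend the limit on top of whatever is configured.
    $ini_time = ini_get('max_execution_time');
    @ini_set('max_execution_time', 300 + intval($ini_time));

    $out = '';

    switch ($import_tool) {
        case 'mtdb':
            $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'mt':
            $file = check_import_file();

            if (!empty($file)) {
                $out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
                // Rebuilding category tree.
                rebuild_tree('root', 1, 'article');
            } else {
                $out = 'Import file not found';
            }
            break;
        case 'b2':
            $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
            break;
        case 'wp':
            $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'blogger':
            $file = check_import_file();

            if (!empty($file)) {
                $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
            } else {
                $out = gTxt('import_file_not_found');
            }
            break;
    }

    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;

    pagetop(gTxt('txp_import'));

    $content = '<div id="' . $event . '_container" class="txp-container txp-list">';
    $content .= startTable('list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    $content .= tr(td($out));
    $content .= endTable();
    $content .= '</div>';

    echo $content;

    // Recompute each article's comment count from its visible comments.
    $rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');

    if (mysql_num_rows($rs) > 0) {
        while ($a = nextRow($rs)) {
            // Cast so only integers are ever spliced into the SQL fragment.
            safe_update('textpattern', "comments_count=" . (int) $a['thecount'], "ID=" . (int) $a['parentid']);
        }
    }
}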
Esempio n. 3
0
 /**
  * Saves pane visibility.
  *
  * Reads 'pane', 'visible' and 'origin' from POST and replies as XML. When
  * the token check passes and the pane name contains only [a-z0-9_-], the
  * pane_<pane>_visible preference is stored as 1 ('true') or 0; any other
  * request raises an 'invalid_pane' user warning.
  */
 public function visible()
 {
     $post = psa(array('pane', 'visible', 'origin'));
     send_xml_response();

     $paneName = $post['pane'];
     $paneAccepted = $this->valid_token($paneName) && preg_match('/^[a-z0-9_-]+$/i', $paneName);

     if (!$paneAccepted) {
         trigger_error('invalid_pane', E_USER_WARNING);

         return;
     }

     // Only the literal string 'true' counts as visible.
     $flag = ($post['visible'] === 'true') ? 1 : 0;
     set_pref("pane_{$paneName}_visible", $flag, $post['origin'], PREF_HIDDEN, 'yesnoradio', 0, PREF_PRIVATE);
 }
Esempio n. 4
0
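/**
 * Saves a section's settings from HTTP POST data.
 *
 * Updates the txp_section row identified by old_name with the posted name,
 * page, css and yes/no flags, moves the section's articles over to the new
 * name and redraws the section list. When is_default is set, the flag is
 * cleared on every other section first.
 *
 * String values are escaped with doSlash() before interpolation into the
 * safe_update() fragments; the four flags are cast to int so that only 0/1
 * reaches the integer columns, whatever string arrived in the request.
 */
function section_save()
{
    $in = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($in));

    $is_default   = (int) $is_default;
    $on_frontpage = (int) $on_frontpage;
    $in_rss       = (int) $in_rss;
    $searchable   = (int) $searchable;

    if ($is_default) {
        // Note this means 'selected by default', not 'default page'.
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }

    safe_update("txp_section", "name = '{$name}', page = '{$page}', css = '{$css}', is_default = '{$is_default}', on_frontpage = '{$on_frontpage}', in_rss = '{$in_rss}', searchable = '{$searchable}'", "name = '{$old_name}'");
    // Keep the articles attached to the (possibly renamed) section.
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");

    section_list(messenger('section', $name, 'updated'));
}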
Esempio n. 5
0
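/**
 * Runs an import from another blogging tool and renders the result page.
 *
 * Expects the import form fields (the names listed in the global $vars) in
 * POST. The importer for $import_tool is loaded from
 * include/import/import_<tool>.php, so the tool name is checked against the
 * set of importers handled by the switch below before it is used to build
 * the include path; an unknown tool loads nothing and produces empty output.
 *
 * Side effects: raises max_execution_time (best effort, errors suppressed)
 * and echoes the result page.
 */
function start_import()
{
    global $vars;

    extract(psa($vars));

    $insert_into_section = $Section;
    $insert_with_status = $type;
    $default_comment_invite = $comments_invite;

    // Only the importers handled below may be included; anything else would
    // let the request pick an arbitrary file name for include_once.
    $known_tools = array('mtdb', 'mt', 'b2', 'wp', 'blogger');

    if (in_array($import_tool, $known_tools, true)) {
        include_once txpath . '/include/import/import_' . $import_tool . '.php';
    } else {
        $import_tool = '';
    }

    // Imports can be slow; extend the limit on top of whatever is configured.
    $ini_time = ini_get('max_execution_time');
    @ini_set('max_execution_time', 300 + intval($ini_time));

    $out = '';

    switch ($import_tool) {
        case 'mtdb':
            $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'mt':
            $file = check_import_file();

            if (!empty($file)) {
                $out = doImportMT($file, $insert_into_section, $insert_with_status, $comments_invite);
                // Rebuilding category tree.
                rebuild_tree('root', 1, 'article');
            } else {
                $out = 'Import file not found';
            }
            break;
        case 'b2':
            $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
            break;
        case 'wp':
            $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'blogger':
            $file = check_import_file();

            if (!empty($file)) {
                $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $comments_invite);
            } else {
                $out = gTxt('import_file_not_found');
            }
            break;
    }

    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' style="color:red;"') . $out;

    pagetop(gTxt('txp_import'));

    $content = startTable('list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 3), 2));
    $content .= tr(td($out));
    $content .= endTable();

    echo $content;
}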
Esempio n. 6
0
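/**
 * Creates a new user from HTTP POST data and e-mails the generated password.
 *
 * Inserts a txp_users row for the posted privs/name/email/RealName with a
 * freshly generated 6-character password (stored through the SQL
 * password(lower(...)) expression in the insert) and a random nonce, then
 * mails the clear-text password to the new address. Success or failure is
 * reported through admin(). Nothing is inserted when the name is empty.
 */
function author_save_new()
{
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));

    $pw = generate_password(6);
    $nonce = md5(uniqid(mt_rand(), true));

    // Explicit default: $rs was previously only assigned inside the branch,
    // so an empty name reached the `if ($rs)` test with an undefined variable.
    $rs = false;

    if ($name) {
        // $pw is spliced into the SQL fragment like the other fields, so
        // escape it the same way.
        $safe_pw = doSlash($pw);
        $rs = safe_insert("txp_users", "privs = '{$privs}', name = '{$name}', email = '{$email}', RealName = '{$RealName}', pass = password(lower('{$safe_pw}')), nonce = '{$nonce}'");
    }

    if ($rs) {
        send_password($pw, $email);
        admin(gTxt('password_sent_to') . sp . $email);
    } else {
        admin(gTxt('error_adding_new_author'));
    }
}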
Esempio n. 7
0
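/**
 * Creates a new user from HTTP POST data and e-mails the generated password.
 *
 * Requires the admin.edit privilege. The posted name must be non-empty and at
 * most 64 bytes, the e-mail must validate, and the name must not already
 * exist in txp_users; otherwise the author list is shown with an error. On
 * success a PASSWORD_LENGTH-character password is generated, its
 * txp_hash_password() hash is stored with the new row, and the clear-text
 * password is mailed to the new user.
 *
 * Previously $hash was computed but the insert wrote the literal '******'
 * into pass; the insert now stores $hash.
 */
function author_save_new()
{
    require_privs('admin.edit');

    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $privs = assert_int($privs);

    // Measured in bytes ('8bit') when mbstring is available, matching the
    // strlen() fallback.
    $length = function_exists('mb_strlen') ? mb_strlen($name, '8bit') : strlen($name);

    if ($name and $length <= 64 and is_valid_email($email)) {
        $exists = safe_field('name', 'txp_users', "name = '" . $name . "'");

        if ($exists) {
            author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));

            return;
        }

        $password = generate_password(PASSWORD_LENGTH);
        $hash = doSlash(txp_hash_password($password));
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));

        $rs = safe_insert('txp_users', "privs = {$privs}, name = '{$name}', email = '{$email}', RealName = '{$RealName}', nonce = '{$nonce}', pass = '{$hash}'");

        if ($rs) {
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);

            return;
        }
    }

    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}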
Esempio n. 8
0
/**
 * Renders a preview of the comment currently being posted.
 *
 * Does nothing unless the 'preview' POST field is set. Otherwise the posted
 * comment fields are collected (name stripped of tags, email and web passed
 * through clean_url(), message trimmed, capped at 65535 bytes and run through
 * markup_comment()), exposed as the global $thiscomment while $form is parsed,
 * and the result is wrapped with doTag(). The global $has_comments_preview is
 * raised so the comments_form tag knows a preview has already been shown.
 *
 * @param  array $atts Tag attributes: form, wraptag, class
 * @return string|null Rendered preview, or null when no preview was requested
 */
function comments_preview($atts)
{
    global $has_comments_preview;

    if (!ps('preview')) {
        return;
    }

    extract(lAtts(array(
        'form'    => 'comments',
        'wraptag' => '',
        'class'   => __FUNCTION__,
    ), $atts));

    assert_article();

    $draft = psa(array('name', 'email', 'web', 'message', 'parentid', 'remember'));
    $draft['time'] = time();
    $draft['discussid'] = 0;
    $draft['name'] = strip_tags($draft['name']);
    $draft['email'] = clean_url($draft['email']);

    // No plain 'message' field: fall back to the body getComment() locates.
    if ($draft['message'] == '') {
        $posted = getComment();
        $draft['message'] = $posted['message'];
    }

    // It is called 'message', not 'novel'.
    $body = substr(trim($draft['message']), 0, 65535);
    $draft['message'] = markup_comment($body);
    $draft['web'] = clean_url($draft['web']);

    $GLOBALS['thiscomment'] = $draft;
    $rendered = parse_form($form) . n;
    unset($GLOBALS['thiscomment']);

    $out = doTag($rendered, $wraptag, $class);

    // Tell the comments_form tag that it doesn't have to show a preview.
    $has_comments_preview = true;

    return $out;
}
Esempio n. 9
0
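/**
 * Saves a section from HTTP POST data.
 *
 * Accepts name, title, old_name, section_page and css, plus the on_frontpage,
 * in_rss and searchable flags for non-default sections. The name is
 * lower-cased and reduced to URL-safe characters and the title is run
 * through Textile. Renaming onto a name that is already taken is rejected.
 * The 'default' section only has its page and css updated; otherwise the
 * row matched by old_name is updated (and its articles repointed), or a new
 * row is inserted when old_name is empty. Ends in the section list with a
 * status or error message, bumping the last-modified stamp on success.
 *
 * Raw values are kept for messages; only the doSlash()'d copies (safe_*
 * prefix) are interpolated into SQL. The flags go into the SQL unquoted, so
 * they pass through assert_int() first.
 */
function section_save()
{
    $in = array_map('assert_string', psa(array('name', 'title', 'old_name', 'section_page', 'css')));

    if (empty($in['title'])) {
        $in['title'] = $in['name'];
    }

    // Prevent non url chars on section names.
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $in['title'] = $textile->TextileThis($in['title'], 1);
    $in['name'] = strtolower(sanitizeForUrl($in['name']));

    extract($in);
    $in = doSlash($in);
    extract($in, EXTR_PREFIX_ALL, 'safe');

    if ($name != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$safe_name}'")) {
            // Invalid input. Halt all further processing (e.g. plugin event handlers).
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            sec_section_list($message);

            return;
        }
    }

    $ok = false;

    if ($name == 'default') {
        $ok = safe_update('txp_section', "page = '{$safe_section_page}', css = '{$safe_css}'", "name = 'default'");
    } elseif ($name) {
        extract(array_map('assert_int', psa(array('on_frontpage', 'in_rss', 'searchable'))));

        // Same column list for update and insert.
        $fields = "name = '{$safe_name}', title = '{$safe_title}', page = '{$safe_section_page}', css = '{$safe_css}', on_frontpage = {$on_frontpage}, in_rss = {$in_rss}, searchable = {$searchable}";

        if ($safe_old_name) {
            $ok = safe_update('txp_section', $fields, "name = '{$safe_old_name}'");

            // Manually maintain referential integrity.
            if ($ok) {
                $ok = safe_update('textpattern', "Section = '{$safe_name}'", "Section = '{$safe_old_name}'");
            }
        } else {
            $ok = safe_insert('txp_section', $fields);
        }
    }

    if ($ok) {
        update_lastmod();
        sec_section_list(gTxt($safe_old_name ? 'section_updated' : 'section_created', array('{name}' => $name)));
    } else {
        sec_section_list(array(gTxt('section_save_failed'), E_ERROR));
    }
}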
Esempio n. 10
0
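/**
 * Saves or clones a page template.
 *
 * Reads savenew, html and copy (slashed) plus name and newname (sanitized)
 * from POST. A missing new name, or a new name that collides with another
 * existing page, is reported as an error; a copy onto the same name gets a
 * '_copy' suffix. Otherwise either a new txp_page row is inserted (savenew
 * or copy) or the existing row is updated and sections referencing the old
 * name are repointed. On error $_POST['save_error'] is set to '1'; on
 * success the page_saved event fires. Always ends in page_edit($message).
 */
function page_save()
{
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'html', 'copy')))));

    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';

    if (!$newname) {
        $message = array(gTxt('page_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        if ($copy && $name === $newname) {
            $newname .= '_copy';
            $_POST['newname'] = $newname;
        }

        $exists = safe_field("name", 'txp_page', "name = '" . doSlash($newname) . "'");

        if ($newname !== $name && $exists !== false) {
            $message = array(gTxt('page_already_exists', array('{name}' => $newname)), E_ERROR);

            if ($savenew) {
                $_POST['newname'] = '';
            }

            $save_error = true;
        } elseif ($savenew or $copy) {
            // $newname is non-empty here (rejected above otherwise), so the
            // former inner name check was unreachable and has been dropped.
            if (safe_insert('txp_page', "name = '" . doSlash($newname) . "', user_html = '{$html}'")) {
                update_lastmod('page_created', compact('newname', 'name', 'html'));
                $message = gTxt('page_created', array('{name}' => $newname));
            } else {
                $message = array(gTxt('page_save_failed'), E_ERROR);
                $save_error = true;
            }
        } else {
            if (safe_update('txp_page', "user_html = '{$html}', name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                // Keep sections pointing at the renamed page.
                safe_update('txp_section', "page = '" . doSlash($newname) . "'", "page = '" . doSlash($name) . "'");
                update_lastmod('page_saved', compact('newname', 'name', 'html'));
                $message = gTxt('page_updated', array('{name}' => $name));
            } else {
                $message = array(gTxt('page_save_failed'), E_ERROR);
                $save_error = true;
            }
        }
    }

    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('page_saved', '', 0, $name, $newname);
    }

    page_edit($message);
}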
Esempio n. 11
0
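/**
 * Fetches the contents of the comment being posted.
 *
 * Comment spam filter plugins call this to obtain the comment fields. Every
 * POST key/value pair that concatenates to a 32-character hex string is
 * treated as a candidate nonce; if one of them matches a txp_discuss_nonce
 * row, its nonce and secret are returned and the message body is read from
 * the field named md5('message' . secret). When no nonce matches, nonce and
 * secret stay empty rather than indexing into a non-row result.
 *
 * @return array Keys: parentid, name, email, web, message, backpage,
 *               remember, nonce, secret
 */
function getComment()
{
    // Comment spam filter plugins: call this function to fetch comment contents.
    $c = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'remember'));

    // Candidate nonces are restricted to hex before reaching the SQL below.
    $n = array();

    foreach (stripPost() as $k => $v) {
        if (preg_match('#^[A-Fa-f0-9]{32}$#', $k . $v)) {
            $n[] = doSlash($k . $v);
        }
    }

    $c['nonce'] = '';
    $c['secret'] = '';

    if (!empty($n)) {
        $rs = safe_row('nonce, secret', 'txp_discuss_nonce', "nonce in ('" . join("','", $n) . "')");

        // Keep the empty defaults when safe_row() returned no usable row.
        if ($rs && isset($rs['nonce'], $rs['secret'])) {
            $c['nonce'] = $rs['nonce'];
            $c['secret'] = $rs['secret'];
        }
    }

    $c['message'] = ps(md5('message' . $c['secret']));

    return $c;
}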
Esempio n. 12
0
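/**
 * Saves a category from HTTP POST data.
 *
 * Reads id, name, description, old_name, parent and title from POST. The
 * name is reduced to its URL-safe form; an empty result, or a clash with a
 * different existing category of the same type, sends the user back to the
 * edit form with an error. Otherwise the category row is updated, child
 * categories and the referencing rows (textpattern.Category1/2 for the
 * 'article' type, $table_name.category for everything else) are repointed
 * to the new name, and the tree for $event is rebuilt. Ends in the category
 * list with a saved or failed message.
 *
 * @param string $event      Type of category
 * @param string $table_name Affected database table
 */
function cat_event_category_save($event, $table_name)
{
    extract(doSlash(array_map('assert_string', psa(array('id', 'name', 'description', 'old_name', 'parent', 'title')))));

    $id = assert_int($id);
    $rawname = $name;
    $name = sanitizeForUrl($rawname);

    // Make sure the name is valid.
    if (!$name) {
        $message = array(gTxt($event . '_category_invalid', array('{name}' => $rawname)), E_ERROR);

        return cat_event_category_edit($event, $message);
    }

    // Don't allow rename to clobber an existing category.
    $existing_id = safe_field("id", 'txp_category', "name = '{$name}' AND type = '{$event}'");

    if ($existing_id && (int) $existing_id !== $id) {
        $message = array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR);

        return cat_event_category_edit($event, $message);
    }

    // TODO: validate parent?
    $parent = $parent ? $parent : 'root';

    // Assume failure until every update has gone through.
    $message = array(gTxt('category_save_failed'), E_ERROR);

    $updated = safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}', description = '{$description}'", "id = {$id}")
        && safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}' AND type = '{$event}'");

    if ($updated) {
        rebuild_tree_full($event);

        if ($event == 'article') {
            $repointed = safe_update('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'")
                && safe_update('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'");
        } else {
            $repointed = safe_update($table_name, "category = '{$name}'", "category = '{$old_name}'");
        }

        if ($repointed) {
            $message = gTxt($event . '_category_updated', array('{name}' => doStrip($name)));
        }
    }

    cat_category_list($message);
}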
Esempio n. 13
0
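/**
 * Processes multi-edit actions.
 *
 * Reads the selected article IDs and the edit_method from POST and applies
 * the chosen operation (delete; change author, category1/2, comment status,
 * section or status; duplicate) to those of the selected articles the
 * current user may touch, then returns to the article list with a status
 * message. Permission is decided per row from the article.* privileges of
 * $txp_user together with the row's Status and AuthorID; rows that fail are
 * dropped silently.
 *
 * For the change-* methods the target column and value are validated
 * against the known authors, categories, sections and statuses before any
 * SQL is built; IDs are forced to int and string values go through doSlash().
 *
 * @return mixed Whatever list_list() returns
 */
function list_multi_edit()
{
    global $txp_user, $statuses, $all_cats, $all_authors, $all_sections;

    extract(psa(array('selected', 'edit_method')));

    if (!$selected || !is_array($selected)) {
        return list_list();
    }

    $selected = array_map('assert_int', $selected);

    // Empty entry to permit clearing the categories.
    $categories = array('');

    foreach ($all_cats as $row) {
        $categories[] = $row['name'];
    }

    $allowed = array();
    $field = $value = '';

    switch ($edit_method) {
        // Delete.
        case 'delete':
            if (!has_privs('article.delete')) {
                if (has_privs('article.delete.own')) {
                    $allowed = safe_column_num("ID", 'textpattern', "ID IN (" . join(',', $selected) . ") AND AuthorID = '" . doSlash($txp_user) . "'");
                }

                $selected = $allowed;
            }

            if ($selected && safe_delete('textpattern', "ID IN (" . join(',', $selected) . ")")) {
                safe_update('txp_discuss', "visible = " . MODERATE, "parentid IN (" . join(',', $selected) . ")");
                callback_event('articles_deleted', '', 0, $selected);
                callback_event('multi_edited.articles', 'delete', 0, compact('selected', 'field', 'value'));
                update_lastmod('articles_deleted', $selected);
                now('posted', true);
                now('expires', true);

                return list_list(messenger('article', join(', ', $selected), 'deleted'));
            }

            return list_list();

        // Change author.
        case 'changeauthor':
            $value = ps('AuthorID');

            if (has_privs('article.edit') && in_array($value, $all_authors, true)) {
                $field = 'AuthorID';
            }
            break;

        // Change category1.
        case 'changecategory1':
            $value = ps('Category1');

            if (in_array($value, $categories, true)) {
                $field = 'Category1';
            }
            break;

        // Change category2.
        case 'changecategory2':
            $value = ps('Category2');

            if (in_array($value, $categories, true)) {
                $field = 'Category2';
            }
            break;

        // Change comment status.
        case 'changecomments':
            $field = 'Annotate';
            $value = (int) ps('Annotate');
            break;

        // Change section.
        case 'changesection':
            $value = ps('Section');

            if (in_array($value, $all_sections, true)) {
                $field = 'Section';
            }
            break;

        // Change status.
        case 'changestatus':
            $value = (int) ps('Status');

            if (array_key_exists($value, $statuses)) {
                $field = 'Status';
            }

            // Without the publish privilege a live/sticky status is demoted to pending.
            if (!has_privs('article.publish') && $value >= STATUS_LIVE) {
                $value = STATUS_PENDING;
            }
            break;
    }

    // Re-read the rows so the permission check uses the stored Status/AuthorID.
    $selected = safe_rows("ID, AuthorID, Status", 'textpattern', "ID IN (" . join(',', $selected) . ")");

    foreach ($selected as $item) {
        $live = $item['Status'] >= STATUS_LIVE;
        $own = $item['AuthorID'] === $txp_user;

        if (($live && has_privs('article.edit.published'))
            || ($live && $own && has_privs('article.edit.own.published'))
            || (!$live && has_privs('article.edit'))
            || (!$live && $own && has_privs('article.edit.own'))) {
            $allowed[] = $item['ID'];
        }
    }

    $selected = $allowed;

    if ($selected) {
        $message = messenger('article', join(', ', $selected), 'modified');

        if ($edit_method === 'duplicate') {
            $rs = safe_rows_start("*", 'textpattern', "ID IN (" . join(',', $selected) . ")");

            if ($rs) {
                while ($a = nextRow($rs)) {
                    unset($a['ID'], $a['LastMod'], $a['LastModID'], $a['Expires']);
                    $a['uid'] = md5(uniqid(mt_rand(), true));
                    $a['AuthorID'] = $txp_user;

                    // Turn every column into a `col` = 'val' fragment. The
                    // loop variable is deliberately not $value: binding $value
                    // by reference here left it aliased to the last fragment,
                    // which then leaked into compact(..., 'value') below.
                    foreach ($a as $column => &$fragment) {
                        $fragment = "`{$column}` = '" . doSlash($fragment) . "'";
                    }
                    unset($fragment);

                    if ($id = (int) safe_insert('textpattern', join(',', $a))) {
                        // Make the copy distinguishable by title and URL.
                        safe_update('textpattern', "Title = CONCAT(Title, ' (', {$id}, ')'), url_title = CONCAT(url_title, '-', {$id}), Posted = NOW(), feed_time = NOW()", "ID = {$id}");
                    }
                }
            }

            $message = gTxt('duplicated_articles', array('{id}' => join(', ', $selected)));
        } elseif (!$field || safe_update('textpattern', "{$field} = '" . doSlash($value) . "'", "ID IN (" . join(',', $selected) . ")") === false) {
            return list_list();
        }

        update_lastmod('articles_updated', compact('selected', 'field', 'value'));
        now('posted', true);
        now('expires', true);
        callback_event('multi_edited.articles', $edit_method, 0, compact('selected', 'field', 'value'));

        return list_list($message);
    }

    return list_list();
}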
Esempio n. 14
0
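/**
 * Saves the active language.
 *
 * Reads 'language' from POST. If that language is installed in txp_lang, the
 * matching locale is resolved and applied (LC_ALL), both the 'locale' and
 * 'language' prefs are stored, the global string table is reloaded, and the
 * language list is shown with a saved message. Otherwise an error is shown.
 *
 * Touches the globals $textarray, $locale and $prefs. $prefs is declared
 * global here because the assignment below previously only wrote to a
 * function-local copy that was discarded.
 */
function save_language()
{
    global $textarray, $locale, $prefs;

    extract(psa(array('language')));

    if (safe_field("lang", 'txp_lang', "lang = '" . doSlash($language) . "' LIMIT 1")) {
        $locale = $prefs['locale'] = Txp::get('\\Textpattern\\L10n\\Locale')->getLanguageLocale($language);
        Txp::get('\\Textpattern\\L10n\\Locale')->setLocale(LC_ALL, $language);
        set_pref('locale', $locale);
        set_pref('language', $language);
        $textarray = load_lang($language);
        list_languages(gTxt('preferences_saved'));

        return;
    }

    list_languages(array(gTxt('language_not_installed', array('{name}' => $language)), E_ERROR));
}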
Esempio n. 15
0
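/**
 * Creates the initial database content and the first user during setup.
 *
 * Validates the posted admin name, password and e-mail (rendering the setup
 * error page and exiting on the first failure), loads the database settings
 * from $txpcfg (falling back to config.php), defines PFX and TXP_INSTALL,
 * includes setup/txpsql.php, and then inserts the first user plus the
 * siteurl, language, locale and theme_name preferences. Ends by echoing
 * fbCreate().
 *
 * The scheme ('http://' or 'https://') is stripped from the posted site URL
 * so that $urlpath only ever holds the path part; the original only removed
 * 'http://', which left 'https://' sites with a broken path.
 *
 * Side effects: defines constants, includes files, runs SQL, echoes output
 * and may call exit.
 */
function createTxp()
{
    global $txpcfg;

    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));

    // Validate the admin account fields; the first failure ends the request.
    $error = '';

    if (ps('name') == '') {
        $error = 'name_required';
    } elseif (!ps('pass')) {
        $error = 'pass_required';
    } elseif (!is_valid_email(ps('email'))) {
        $error = 'email_required';
    }

    if ($error !== '') {
        echo n . '<div id="setup_container" class="txp-container">' . txp_setup_progress_meter(3) . n . '<div class="txp-setup">' . n . graf('<span class="error">' . setup_gTxt($error) . '</span>') . n . setup_back_button() . n . '</div>' . n . '</div>';
        exit;
    }

    if (!isset($txpcfg['db'])) {
        require txpath . '/config.php';
    }

    // Not used directly below; presumably read by the included
    // setup/txpsql.php, which runs in this scope -- verify before removing.
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dclient_flags = isset($txpcfg['client_flags']) ? $txpcfg['client_flags'] : 0;
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];

    // Strip scheme and trailing slash; the remaining path is substituted for
    // 'siteurl' in the sample article below.
    $siteurl = preg_replace('#^https?://#', '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");
    $urlpath = preg_replace('#^[^/]+#', '', $siteurl);

    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);

    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';

    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string.
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email', 'theme'))));

    $nonce = md5(uniqid(mt_rand(), true));
    $hash = doSlash(txp_hash_password($pass));

    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES (1,'{$name}','{$hash}','{$RealName}','{$email}',1,now(),'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    mysql_query("update `" . PFX . "textpattern` set Body = replace(Body, 'siteurl', '" . doSlash($urlpath) . "'), Body_html = replace(Body_html, 'siteurl', '" . doSlash($urlpath) . "') WHERE ID = 1");

    // cf. update/_to_4.2.0.php.
    // TODO: Position might need altering when prefs panel layout is altered.
    $theme = $theme ? $theme : 'classic';
    mysql_query("insert `" . PFX . "txp_prefs` set prefs_id = 1, name = 'theme_name', val = '" . doSlash($theme) . "', type = '1', event = 'admin', html = 'themename', position = '160'");

    echo fbCreate();
}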
Esempio n. 16
0
/**
 * Creates a new user.
 *
 * Reads privs, name, email and RealName from POST (admin.edit privilege
 * required). When the username and e-mail validate and the name is not yet
 * taken, a password of PASSWORD_LENGTH is generated, the user is created
 * through create_user() and the password is mailed to the new address.
 * Every other outcome ends in the author list with an error message.
 */
function author_save_new()
{
    require_privs('admin.edit');

    $post = psa(array('privs', 'name', 'email', 'RealName'));
    $privs = assert_int($post['privs']);
    $name = $post['name'];
    $email = $post['email'];
    $RealName = $post['RealName'];

    $inputOk = is_valid_username($name) && is_valid_email($email);

    if ($inputOk && user_exists($name)) {
        author_list(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));

        return;
    }

    if ($inputOk) {
        $password = generate_password(PASSWORD_LENGTH);
        $created = create_user($name, $email, $password, $RealName, $privs);

        if ($created) {
            send_password($RealName, $name, $email, $password);
            author_list(gTxt('password_sent_to') . sp . $email);

            return;
        }
    }

    author_list(array(gTxt('error_adding_new_author'), E_ERROR));
}
Esempio n. 17
0
/**
 * Creates a new user from HTTP POST data and e-mails the generated password.
 *
 * Requires the admin.edit privilege. With a non-empty name and a valid
 * e-mail address, a 6-character password and a random nonce are generated
 * and the txp_users row is inserted (the password goes through the SQL
 * password(lower(...)) expression). On success the clear-text password is
 * mailed and a confirmation is shown; otherwise an error is shown.
 */
function author_save_new()
{
    require_privs('admin.edit');

    $post = doSlash(psa(array('privs', 'name', 'email', 'RealName')));
    $privs = assert_int($post['privs']);
    $name = $post['name'];
    $email = $post['email'];
    $RealName = $post['RealName'];

    $inserted = false;

    if ($name && is_valid_email($email)) {
        $password = doSlash(generate_password(6));
        $nonce = doSlash(md5(uniqid(mt_rand(), TRUE)));
        $inserted = safe_insert('txp_users', "\n\t\t\t\tprivs    = {$privs},\n\t\t\t\tname     = '{$name}',\n\t\t\t\temail    = '{$email}',\n\t\t\t\tRealName = '{$RealName}',\n\t\t\t\tnonce    = '{$nonce}',\n\t\t\t\tpass     = password(lower('{$password}'))\n\t\t\t");
    }

    if (!$inserted) {
        admin(gTxt('error_adding_new_author'));

        return;
    }

    send_password($RealName, $name, $email, $password);
    admin(gTxt('password_sent_to') . sp . $email);
}
Esempio n. 18
0
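/**
 * Saves a section from HTTP POST data.
 *
 * Reads page, css and old_name (slashed) plus name and title from POST. The
 * title is run through Textile and the name through sanitizeForUrl(), both
 * slashed afterwards. A rename onto a name that is already taken is rejected.
 * Only page and css are editable for the 'default' section; every other
 * section has its whole row (matched by old_name) updated and its articles
 * repointed, after clearing is_default elsewhere when it was set. Ends in
 * the section list with an updated message.
 *
 * The unused `global $txpcfg` has been dropped, and update_lastmod() is
 * called once after the branches since both of them did so.
 */
function section_save()
{
    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    extract(psa(array('name', 'title')));

    if (empty($title)) {
        $title = $name;
    }

    // Prevent non url chars on section names.
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));

    // A rename must not land on a name that is already taken.
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            sec_section_list(gTxt('section_name_already_exists', array('{name}' => $name)));

            return;
        }
    }

    if ($name == 'default') {
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
    } else {
        // The flags go into the SQL unquoted, so they pass through assert_int() first.
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));

        // Note this means 'selected by default', not 'default page'.
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
        }

        safe_update('txp_section', "name = '{$name}', title = '{$title}', page = '{$page}', css = '{$css}', is_default = {$is_default}, on_frontpage = {$on_frontpage}, in_rss = {$in_rss}, searchable = {$searchable}", "name = '{$old_name}'");
        // Keep the articles attached to the (possibly renamed) section.
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
    }

    update_lastmod();

    sec_section_list(gTxt('section_updated', array('{name}' => $name)));
}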
Esempio n. 19
0
/**
 * Saves a form template.
 *
 * Handles three cases from the posted form editor: update in place, save as
 * new (savenew) and copy. Essential forms cannot be renamed or retyped, and
 * a form may not be renamed or copied onto a name that already exists. On
 * any failure $_POST['save_error'] is set so the editor re-renders with the
 * error; otherwise the 'form_saved' callback fires. Always ends by rendering
 * the editor via form_edit() with the resulting message.
 */
function form_save()
{
    global $essential_forms, $form_types;
    // Free-text fields are slashed once here. $name/$newname are slashed at
    // each query site instead, because they are also compared unslashed.
    extract(doSlash(array_map('assert_string', psa(array('savenew', 'Form', 'type', 'copy')))));
    $name = sanitizeForPage(assert_string(ps('name')));
    $newname = sanitizeForPage(assert_string(ps('newname')));
    $save_error = false;
    $message = '';
    // Essential forms keep their name and their stored type, whatever was posted.
    if (in_array($name, $essential_forms)) {
        $newname = $name;
        $type = fetch('type', 'txp_form', 'name', $newname);
        $_POST['newname'] = $newname;
    }
    if (!$newname) {
        $message = array(gTxt('form_name_invalid'), E_ERROR);
        $save_error = true;
    } else {
        // Only the configured form types may be stored.
        if (!isset($form_types[$type])) {
            $message = array(gTxt('form_type_missing'), E_ERROR);
            $save_error = true;
        } else {
            // Copying without choosing a new name gets a '_copy' suffix.
            if ($copy && $name === $newname) {
                $newname .= '_copy';
                $_POST['newname'] = $newname;
            }
            $exists = safe_field('name', 'txp_form', "name = '" . doSlash($newname) . "'");
            // A rename/copy must not overwrite another form.
            if ($newname !== $name && $exists !== false) {
                $message = array(gTxt('form_already_exists', array('{name}' => $newname)), E_ERROR);
                if ($savenew) {
                    $_POST['newname'] = '';
                }
                $save_error = true;
            } else {
                if ($savenew or $copy) {
                    if ($newname) {
                        if (safe_insert('txp_form', "Form = '{$Form}',\n                                type = '{$type}',\n                                name = '" . doSlash($newname) . "'")) {
                            update_lastmod();
                            $message = gTxt('form_created', array('{name}' => $newname));
                        } else {
                            $message = array(gTxt('form_save_failed'), E_ERROR);
                            $save_error = true;
                        }
                    } else {
                        $message = array(gTxt('form_name_invalid'), E_ERROR);
                        $save_error = true;
                    }
                } else {
                    // Plain save: the row is keyed by the old name, which may differ from $newname.
                    if (safe_update('txp_form', "Form = '{$Form}',\n                            type = '{$type}',\n                            name = '" . doSlash($newname) . "'", "name = '" . doSlash($name) . "'")) {
                        update_lastmod();
                        $message = gTxt('form_updated', array('{name}' => $name));
                    } else {
                        $message = array(gTxt('form_save_failed'), E_ERROR);
                        $save_error = true;
                    }
                }
            }
        }
    }
    if ($save_error === true) {
        $_POST['save_error'] = '1';
    } else {
        callback_event('form_saved', '', 0, $name, $newname);
    }
    form_edit($message);
}
/**
 * Creates a new user.
 *
 * Requires the admin.edit privilege. The posted name and e-mail must pass
 * validation and the name must be unused; on success a random password of
 * PASSWORD_LENGTH characters is generated, the account is created and an
 * activation message is sent. Every failure path falls back to the author
 * edit form with an error message.
 */
function author_save_new()
{
    require_privs('admin.edit');
    extract(psa(array('privs', 'name', 'email', 'RealName')));
    // The privilege level is passed on as a number, never as raw request text.
    $privs = assert_int($privs);
    if (!is_valid_username($name) || !is_valid_email($email)) {
        author_edit(array(gTxt('error_adding_new_author'), E_ERROR));
        return;
    }
    if (user_exists($name)) {
        author_edit(array(gTxt('author_already_exists', array('{name}' => $name)), E_ERROR));
        return;
    }
    $password = Txp::get('\\Textpattern\\Password\\Random')->generate(PASSWORD_LENGTH);
    if (!create_user($name, $email, $password, $RealName, $privs)) {
        author_edit(array(gTxt('error_adding_new_author'), E_ERROR));
        return;
    }
    author_list(send_account_activation($name));
}
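/**
 * Saves an edited article from the posted form fields named in $vars.
 *
 * Renders Body into Body_html according to the use_textile preference and
 * the article's own textile_body flag, optionally Textiles the excerpt,
 * writes the row and, when the article goes live for the first time, sends
 * the update pings configured in the preferences. Finishes by re-rendering
 * the editor with a status message.
 *
 * Fixes: the privs-5 demotion (live -> pending) ran before $Status had been
 * extracted from the posted data, so it tested a variable that had not been
 * set from the form and never applied; it now runs after extract(), as the
 * later revisions of this function do. $txp_user is slashed before being
 * interpolated into the UPDATE, and $message has a default so a status
 * outside 1..4 does not leave it undefined.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $txpac;
    extract(get_prefs());
    extract($txpac);
    $incoming = psa($vars);
    $oldstatus = fetch('Status', 'textpattern', 'ID', $incoming['ID']);
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    // use_textile: 0 = store the body as-is, 1 = convert line breaks only,
    // 2 = full Textile (only when the article itself asks for it).
    if ($use_textile == 0 or !$incoming['textile_body']) {
        $incoming['Body_html'] = trim($incoming['Body']);
    } elseif ($use_textile == 1) {
        $incoming['Body_html'] = nl2br(trim($incoming['Body']));
    } elseif ($use_textile == 2 && $incoming['textile_body']) {
        $incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
        $incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
    }
    if ($incoming['textile_excerpt']) {
        $incoming['Excerpt'] = $textile->TextileThis($incoming['Excerpt'], 1);
    }
    $myprivs = fetch('privs', 'txp_users', 'name', $txp_user);
    // Everything interpolated into the UPDATE below is slashed here,
    // including the account name, which previously went in raw.
    extract(doSlash($incoming));
    $user = doSlash($txp_user);
    // Privilege level 5 may not publish directly: live (4) is demoted to
    // pending (3). This must follow extract(), which is where the posted
    // $Status comes from.
    if ($myprivs == 5 && $Status == 4) {
        $Status = 3;
    }
    if ($reset_time) {
        $whenposted = "Posted=now()";
    } else {
        // The posted wall-clock time is shifted by the site's offset preference.
        $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - $timeoffset;
        $when = "from_unixtime({$when})";
        $whenposted = "Posted={$when}";
    }
    // Flag columns are interpolated unquoted, so normalise them to 0/1.
    $textile_body = !$textile_body ? 0 : 1;
    $textile_excerpt = !$textile_excerpt ? 0 : 1;
    safe_update("textpattern", "Title           = '{$Title}',\n\t\t\tBody            = '{$Body}',\n\t\t\tBody_html       = '{$Body_html}',\n\t\t\tExcerpt         = '{$Excerpt}',\n\t\t\tKeywords        = '{$Keywords}',\n\t\t\tImage           = '{$Image}',\n\t\t\tStatus          = '{$Status}',\n\t\t\tLastMod         =  now(),\n\t\t\tLastModID       = '{$user}',\n\t\t\tSection         = '{$Section}',\n\t\t\tCategory1       = '{$Category1}',\n\t\t\tCategory2       = '{$Category2}',\n\t\t\tAnnotate        = '{$Annotate}',\n\t\t\ttextile_body    =  {$textile_body},\n\t\t\ttextile_excerpt =  {$textile_excerpt},\n\t\t\toverride_form   = '{$override_form}',\n\t\t\turl_title       = '{$url_title}',\n\t\t\tAnnotateInvite  = '{$AnnotateInvite}',\n\t\t\tcustom_1        = '{$custom_1}',\n\t\t\tcustom_2        = '{$custom_2}',\n\t\t\tcustom_3        = '{$custom_3}',\n\t\t\tcustom_4        = '{$custom_4}',\n\t\t\tcustom_5        = '{$custom_5}',\n\t\t\tcustom_6        = '{$custom_6}',\n\t\t\tcustom_7        = '{$custom_7}',\n\t\t\tcustom_8        = '{$custom_8}',\n\t\t\tcustom_9        = '{$custom_9}',\n\t\t\tcustom_10       = '{$custom_10}',\n\t\t\t{$whenposted}", "ID='{$ID}'");
    $message = '';
    if ($Status == 4) {
        // First transition to live: notify the ping services that are enabled.
        if ($oldstatus < 4) {
            include_once $txpcfg['txpath'] . '/lib/IXRClass.php';
            if ($ping_textpattern_com) {
                $tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
                $tx_client->query('ping.Textpattern', $sitename, $siteurl);
            }
            if ($ping_weblogsdotcom == 1) {
                $wl_client = new IXR_Client('http://rpc.weblogs.com/RPC2');
                $wl_client->query('weblogUpdates.ping', $sitename, 'http://' . $siteurl);
            }
        }
        safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
        $message = gTxt("article_saved");
    } elseif ($Status == 3) {
        $message = gTxt("article_saved_pending");
    } elseif ($Status == 2) {
        $message = gTxt("article_saved_hidden");
    } elseif ($Status == 1) {
        $message = gTxt("article_saved_draft");
    }
    article_edit($message);
}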
/**
 * Renames and/or re-parents a category of the given type and cascades the
 * rename to child categories and to the rows that reference it.
 *
 * @param string $event      Category type; also used as the gTxt key prefix
 *                           and interpolated into the type filter
 * @param string $table_name Table whose `category` column is re-pointed for
 *                           non-article types
 */
function cat_event_category_save($event, $table_name)
{
    global $txpcfg;
    extract(doSlash(psa(array('id', 'name', 'old_name', 'parent', 'title'))));
    $id = assert_int($id);
    $name = sanitizeForUrl($name);
    // make sure the name is valid
    if (!$name) {
        return cat_category_list(array(gTxt($event . '_category_invalid', array('{name}' => $name)), E_ERROR));
    }
    // don't allow rename to clobber an existing category
    // NOTE(review): $event and $table_name go into SQL unescaped; this
    // presumes they come from a trusted caller, not the request — confirm.
    $clash = safe_field('id', 'txp_category', "name = '{$name}' and type = '{$event}'");
    if ($clash and $clash != $id) {
        return cat_category_list(array(gTxt($event . '_category_already_exists', array('{name}' => $name)), E_ERROR));
    }
    // No parent selected means a top-level category.
    if (!$parent) {
        $parent = 'root';
    }
    $renamed = safe_update('txp_category', "name = '{$name}', parent = '{$parent}', title = '{$title}'", "id = {$id}");
    if ($renamed) {
        safe_update('txp_category', "parent = '{$name}'", "parent = '{$old_name}'");
    }
    rebuild_tree_full($event);
    // Articles carry two category columns; every other type has a single one.
    if ($event == 'article') {
        $cascade = array(
            array('textpattern', "Category1 = '{$name}'", "Category1 = '{$old_name}'"),
            array('textpattern', "Category2 = '{$name}'", "Category2 = '{$old_name}'"),
        );
    } else {
        $cascade = array(
            array($table_name, "category = '{$name}'", "category = '{$old_name}'"),
        );
    }
    foreach ($cascade as $step) {
        safe_update($step[0], $step[1], $step[2]);
    }
    cat_category_list(gTxt($event . '_category_updated', array('{name}' => doStrip($name))));
}
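/**
 * Saves an edited article from the posted form fields named in $vars.
 *
 * Loads the stored status/title for the posted ID, enforces the edit
 * privileges (published vs. unpublished, own vs. any), renders the markup
 * fields, demotes live to pending for users without article.publish, writes
 * the row, pings on the first transition to live and returns to the editor
 * with a status message plus the url_title check result.
 *
 * Fixes: $message was left undefined when the saved status was outside
 * 1..4, so the `.=` on the url_title check raised a notice; it now defaults
 * to ''. The account name is slashed before being interpolated into the
 * UPDATE, matching the later revision of this function.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg;
    extract(get_prefs());
    $incoming = psa($vars);
    $oldArticle = safe_row('Status, url_title, Title', 'textpattern', 'ID = ' . (int) $incoming['ID']);
    // Who may edit depends on whether the article is already live (>= 4)
    // and on whether the editor is its author.
    if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    // Keep the un-Textiled title for url_title generation below.
    $incoming['Title_plain'] = $incoming['Title'];
    // use_textile: 0 = store the body as-is, 1 = convert line breaks only,
    // 2 = full Textile (only when the article itself asks for it).
    if ($use_textile == 0 or !$incoming['textile_body']) {
        $incoming['Body_html'] = trim($incoming['Body']);
    } elseif ($use_textile == 1) {
        $incoming['Body_html'] = nl2br(trim($incoming['Body']));
    } elseif ($use_textile == 2 && $incoming['textile_body']) {
        $incoming['Body_html'] = $textile->TextileThis($incoming['Body']);
        $incoming['Title'] = $textile->TextileThis($incoming['Title'], '', 1);
    }
    if ($incoming['textile_excerpt']) {
        $incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt']);
    } else {
        $incoming['Excerpt_html'] = $textile->TextileThis($incoming['Excerpt'], 1);
    }
    // Everything interpolated into the UPDATE below is slashed here,
    // including the account name.
    extract(doSlash($incoming));
    $user = doSlash($txp_user);
    // Without article.publish a live status is demoted to pending.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }
    if ($reset_time) {
        $whenposted = "Posted=now()";
    } else {
        // The posted wall-clock time is shifted by the site's timezone offset.
        $when = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ":00") - tz_offset();
        $when = "from_unixtime({$when})";
        $whenposted = "Posted={$when}";
    }
    // Flag columns are interpolated unquoted, so normalise them to 0/1.
    $textile_body = !$textile_body ? 0 : 1;
    $textile_excerpt = !$textile_excerpt ? 0 : 1;
    // Regenerate url_title from the plain title when it is blank, or when the
    // article is unpublished and still carries an auto-generated url_title.
    if (empty($url_title)) {
        $url_title = stripSpace($Title_plain, 1);
    } elseif ($oldArticle['Status'] < 4 && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1)) {
        $url_title = stripSpace($Title_plain, 1);
    }
    safe_update("textpattern", "Title           = '{$Title}',\n\t\t\tBody            = '{$Body}',\n\t\t\tBody_html       = '{$Body_html}',\n\t\t\tExcerpt         = '{$Excerpt}',\n\t\t\tExcerpt_html    = '{$Excerpt_html}',\n\t\t\tKeywords        = '{$Keywords}',\n\t\t\tImage           = '{$Image}',\n\t\t\tStatus          = '{$Status}',\n\t\t\tLastMod         =  now(),\n\t\t\tLastModID       = '{$user}',\n\t\t\tSection         = '{$Section}',\n\t\t\tCategory1       = '{$Category1}',\n\t\t\tCategory2       = '{$Category2}',\n\t\t\tAnnotate        = '{$Annotate}',\n\t\t\ttextile_body    =  {$textile_body},\n\t\t\ttextile_excerpt =  {$textile_excerpt},\n\t\t\toverride_form   = '{$override_form}',\n\t\t\turl_title       = '{$url_title}',\n\t\t\tAnnotateInvite  = '{$AnnotateInvite}',\n\t\t\tcustom_1        = '{$custom_1}',\n\t\t\tcustom_2        = '{$custom_2}',\n\t\t\tcustom_3        = '{$custom_3}',\n\t\t\tcustom_4        = '{$custom_4}',\n\t\t\tcustom_5        = '{$custom_5}',\n\t\t\tcustom_6        = '{$custom_6}',\n\t\t\tcustom_7        = '{$custom_7}',\n\t\t\tcustom_8        = '{$custom_8}',\n\t\t\tcustom_9        = '{$custom_9}',\n\t\t\tcustom_10       = '{$custom_10}',\n\t\t\t{$whenposted}", "ID='{$ID}'");
    $message = '';
    if ($Status >= 4) {
        // First transition to live: notify the ping services that are enabled.
        if ($oldArticle['Status'] < 4) {
            include_once $txpcfg['txpath'] . '/lib/IXRClass.php';
            if ($ping_textpattern_com) {
                $tx_client = new IXR_Client('http://textpattern.com/xmlrpc/');
                $tx_client->query('ping.Textpattern', $sitename, $siteurl);
            }
            if ($ping_weblogsdotcom == 1) {
                $wl_client = new IXR_Client('http://rpc.pingomatic.com/');
                $wl_client->query('weblogUpdates.ping', $sitename, hu);
            }
        }
        safe_update("txp_prefs", "val = now()", "`name` = 'lastmod'");
        $message = gTxt("article_saved");
    } elseif ($Status == 3) {
        $message = gTxt("article_saved_pending");
    } elseif ($Status == 2) {
        $message = gTxt("article_saved_hidden");
    } elseif ($Status == 1) {
        $message = gTxt("article_saved_draft");
    }
    $message .= check_url_title($url_title);
    article_edit($message);
}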
/**
 * Processes sent forms and updates existing articles.
 *
 * Loads the stored row for the posted ID, enforces the edit privileges and
 * the optimistic-locking check on LastMod, renders the markup fields,
 * validates the post and expiry timestamps, builds the UPDATE (including the
 * configured custom fields) and, on success, fires pings, lastmod and the
 * 'article_saved' callback. Always returns to the editor via article_edit()
 * with the resulting message.
 */
function article_save()
{
    global $txp_user, $vars, $prefs;
    extract($prefs);
    $incoming = array_map('assert_string', psa($vars));
    $oldArticle = safe_row("Status, url_title, Title, textile_body, textile_excerpt,\n        UNIX_TIMESTAMP(LastMod) AS sLastMod, LastModID,\n        UNIX_TIMESTAMP(Posted) AS sPosted,\n        UNIX_TIMESTAMP(Expires) AS sExpires", 'textpattern', "ID = " . (int) $incoming['ID']);
    // Who may edit depends on whether the article is already live and on
    // whether the editor is its author.
    if (!($oldArticle['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $oldArticle['Status'] >= STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < STATUS_LIVE and has_privs('article.edit') or $oldArticle['Status'] < STATUS_LIVE and $incoming['AuthorID'] === $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }
    // Optimistic lock: the form carries the LastMod it was rendered from, so
    // a save over someone else's newer edit is refused.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(array(gTxt('concurrent_edit_by', array('{author}' => txpspecialchars($oldArticle['LastModID']))), E_ERROR), true, true);
        return;
    }
    // Without article.set_markup the stored markup flags override the posted ones.
    if (!has_privs('article.set_markup')) {
        $incoming['textile_body'] = $oldArticle['textile_body'];
        $incoming['textile_excerpt'] = $oldArticle['textile_excerpt'];
    }
    $incoming = textile_main_fields($incoming);
    // Slash every posted field for the string-built UPDATE; ID and Status are
    // re-read as integers because they are interpolated unquoted.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status'))));
    // Comments may be on, off, or disabled.
    $Annotate = (int) $Annotate;
    // Without article.publish a live status is demoted to pending.
    if (!has_privs('article.publish') && $Status >= STATUS_LIVE) {
        $Status = STATUS_PENDING;
    }
    // Set and validate article timestamp.
    if ($reset_time) {
        $whenposted = "Posted = NOW()";
        $when_ts = time();
    } else {
        // Every date part must be numeric before it is handed to strtotime().
        if (!is_numeric($year) || !is_numeric($month) || !is_numeric($day) || !is_numeric($hour) || !is_numeric($minute) || !is_numeric($second)) {
            $ts = false;
        } else {
            $ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second);
        }
        // An unparsable date keeps the stored Posted value and reports an error.
        if ($ts === false || $ts < 0) {
            $when = $when_ts = $oldArticle['sPosted'];
            $msg = array(gTxt('invalid_postdate'), E_ERROR);
        } else {
            $when = $when_ts = $ts - tz_offset($ts);
        }
        $whenposted = "Posted = FROM_UNIXTIME({$when})";
    }
    // Set and validate expiry timestamp.
    if (empty($exp_year)) {
        $expires = 0;
    } else {
        // Missing expiry parts default to the start of the year/day.
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        // NOTE(review): unlike the post date, the expiry parts are not checked
        // with is_numeric() before strtotime() — confirm that is intended.
        $ts = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second);
        if ($ts === false || $ts < 0) {
            $expires = $oldArticle['sExpires'];
            $msg = array(gTxt('invalid_expirydate'), E_ERROR);
        } else {
            $expires = $ts - tz_offset($ts);
        }
    }
    // An expiry at or before the post date is rejected; the stored value is kept.
    if ($expires && $expires <= $when_ts) {
        $expires = $oldArticle['sExpires'];
        $msg = array(gTxt('article_expires_before_postdate'), E_ERROR);
    }
    if ($expires) {
        $whenexpires = "Expires = FROM_UNIXTIME({$expires})";
    } else {
        $whenexpires = "Expires = " . NULLDATETIME;
    }
    // Auto-update custom-titles according to Title, as long as unpublished and
    // NOT customised.
    if (empty($url_title) || $oldArticle['Status'] < STATUS_LIVE && $oldArticle['url_title'] === $url_title && $oldArticle['url_title'] === stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] !== $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }
    // Keywords are re-read raw, normalised to a single comma-separated list
    // (runs of whitespace/newlines/commas collapse to one comma) and slashed.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    $user = doSlash($txp_user);
    // NOTE(review): if 'description' is among $vars this slashes it a second
    // time after the extract(doSlash(...)) above — confirm.
    $description = doSlash($description);
    // Custom field assignments are built from the (slashed) extracted
    // $custom_N variables, one per configured field.
    $cfq = array();
    $cfs = getCustomFields();
    foreach ($cfs as $i => $cf_name) {
        $custom_x = "custom_{$i}";
        $cfq[] = "custom_{$i} = '" . ${$custom_x} . "'";
    }
    $cfq = join(', ', $cfq);
    $rs = compact($vars);
    // NOTE(review): $msg is only set on the error paths above; presumably
    // article_validate() fills it by reference when validation fails — confirm.
    if (article_validate($rs, $msg)) {
        if (safe_update('textpattern', "Title           = '{$Title}',\n            Body            = '{$Body}',\n            Body_html       = '{$Body_html}',\n            Excerpt         = '{$Excerpt}',\n            Excerpt_html    = '{$Excerpt_html}',\n            Keywords        = '{$Keywords}',\n            description     = '{$description}',\n            Image           = '{$Image}',\n            Status          =  {$Status},\n            LastMod         =  NOW(),\n            LastModID       = '{$user}',\n            Section         = '{$Section}',\n            Category1       = '{$Category1}',\n            Category2       = '{$Category2}',\n            Annotate        =  {$Annotate},\n            textile_body    = '{$textile_body}',\n            textile_excerpt = '{$textile_excerpt}',\n            override_form   = '{$override_form}',\n            url_title       = '{$url_title}',\n            AnnotateInvite  = '{$AnnotateInvite}'," . ($cfs ? $cfq . ',' : '') . "{$whenposted},\n            {$whenexpires}", "ID = {$ID}")) {
            // Pings only on the first transition to live.
            if ($Status >= STATUS_LIVE && $oldArticle['Status'] < STATUS_LIVE) {
                do_pings();
            }
            // Site lastmod changes whenever a live article is involved, before or after.
            if ($Status >= STATUS_LIVE || $oldArticle['Status'] >= STATUS_LIVE) {
                update_lastmod('article_saved', $rs);
            }
            now('posted', true);
            now('expires', true);
            callback_event('article_saved', '', false, $rs);
            // Without an earlier error, the message is the status text plus any url_title warning.
            if (empty($msg)) {
                $s = check_url_title($url_title);
                $msg = array(get_status_message($Status) . ' ' . $s, $s ? E_WARNING : 0);
            }
        } else {
            $msg = array(gTxt('article_save_failed'), E_ERROR);
        }
    }
    article_edit($msg, false, true);
}
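/**
 * Creates a new user record from the posted form and mails the generated password.
 *
 * Reads privs, name, email and RealName from the request (slashed for the
 * string-built INSERT), generates a password and an account nonce, inserts
 * the row into $ign_user_db and reports the outcome through ign_admin().
 * Nothing is inserted when the name is empty.
 *
 * Fix: the nonce was derived from uniqid()/rand(), neither of which is a
 * CSPRNG. random_bytes() is used when the runtime provides it; the old
 * expression is kept only as a fallback and yields the same 32-hex-char shape.
 */
function ign_userSaveNew()
{
    global $ign_user_db;
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));
    $pw = ign_generatePassword(8);
    $nonce = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(rand(), true));
    $rs = false;
    if ($name) {
        $rs = safe_insert($ign_user_db, "privs\t\t\t = '{$privs}',\n\t\t\t\t name\t\t\t\t = '{$name}',\n\t\t\t\t email\t\t\t = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass\t\t\t\t =\t password(lower('{$pw}')),\n\t\t\t\t nonce\t\t\t = '{$nonce}'");
    }
    if ($name && $rs) {
        // The clear-text password is only ever sent to the new user's address.
        ign_send_password($pw, $email);
        ign_admin(gTxt('password_sent_to') . sp . $email);
    } else {
        ign_admin(ign_gTxt('error_adding_new_user'));
    }
}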
/**
 * Saves the section edit form, in either full-page or async (JavaScript
 * response) mode.
 *
 * page, css and old_name are read pre-slashed; name and title are read raw
 * because they are transformed before being slashed. The 'default' section
 * only accepts page/css changes; any other section is updated under old_name
 * and its articles are re-pointed at the new name. In async mode the reply is
 * a script that replaces the section's form partial; otherwise the section
 * list is rendered.
 */
function section_save()
{
    global $txpcfg, $app_mode;
    extract(doSlash(psa(array('page', 'css', 'old_name'))));
    extract(psa(array('name', 'title')));
    // Script fragments emitted before/after the partial replacement in async mode.
    // $sequel is never assigned below and stays empty.
    $prequel = '';
    $sequel = '';
    if (empty($title)) {
        $title = $name;
    }
    // Prevent non url chars on section names
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = doSlash($textile->TextileThis($title, 1));
    $name = doSlash(sanitizeForUrl($name));
    // A rename must not clobber another section; names are compared case-insensitively.
    if ($old_name && strtolower($name) != strtolower($old_name)) {
        if (safe_field('name', 'txp_section', "name='{$name}'")) {
            $message = array(gTxt('section_name_already_exists', array('{name}' => $name)), E_ERROR);
            if ($app_mode == 'async') {
                // TODO: Better/themeable popup
                // NOTE(review): there is no return here; unless
                // send_script_response() terminates the request, execution
                // falls through to the UPDATE below despite the collision — confirm.
                send_script_response('window.alert("' . escape_js(strip_tags(gTxt('section_name_already_exists', array('{name}' => $name)))) . '")');
            } else {
                sec_section_list($message);
                return;
            }
        }
    }
    if ($name == 'default') {
        // The default section keeps its name and flags; only page and css are editable.
        safe_update('txp_section', "page = '{$page}', css = '{$css}'", "name = 'default'");
        update_lastmod();
    } else {
        // Flag fields are forced to integers because they are interpolated unquoted.
        extract(array_map('assert_int', psa(array('is_default', 'on_frontpage', 'in_rss', 'searchable'))));
        // note this means 'selected by default' not 'default page'
        if ($is_default) {
            safe_update("txp_section", "is_default = 0", "name != '{$old_name}'");
            // switch off $is_default for all sections in async app_mode
            if ($app_mode == 'async') {
                $prequel = '$("input[name=\\"is_default\\"][value=\\"1\\"]").attr("checked", false);' . '$("input[name=\\"is_default\\"][value=\\"0\\"]").attr("checked", true);';
            }
        }
        safe_update('txp_section', "\n\t\t\t\tname         = '{$name}',\n\t\t\t\ttitle        = '{$title}',\n\t\t\t\tpage         = '{$page}',\n\t\t\t\tcss          = '{$css}',\n\t\t\t\tis_default   = {$is_default},\n\t\t\t\ton_frontpage = {$on_frontpage},\n\t\t\t\tin_rss       = {$in_rss},\n\t\t\t\tsearchable   = {$searchable}\n\t\t\t", "name = '{$old_name}'");
        safe_update('textpattern', "Section = '{$name}'", "Section = '{$old_name}'");
        update_lastmod();
    }
    $message = gTxt('section_updated', array('{name}' => $name));
    if ($app_mode == 'async') {
        // Caveat: Use unslashed params for DTO
        // NOTE(review): the flag variables are only defined in the non-default
        // branch, so compact() yields fewer keys for the default section — confirm
        // section_detail_partial() tolerates that.
        $s = psa(array('name', 'title', 'page', 'css')) + compact('is_default', 'on_frontpage', 'in_rss', 'searchable');
        $s = section_detail_partial($s);
        // $name goes into the selector without escape_js(); this relies on
        // sanitizeForUrl() having restricted it to selector-safe characters.
        send_script_response($prequel . '$("#section-form-' . $name . '").replaceWith("' . escape_js($s) . '");' . $sequel);
    } else {
        sec_section_list($message);
    }
}
/**
 * Saves an edited article from the posted form fields named in $vars.
 *
 * Loads the stored row for the posted ID, enforces the edit privileges and
 * the optimistic-locking check on LastMod, renders the markup fields,
 * computes the post and expiry timestamps, writes the row and, on the first
 * transition to live, sends pings and bumps the site lastmod. Returns to the
 * editor with the status message plus the url_title check result.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;
    extract($prefs);
    $incoming = psa($vars);
    $oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']);
    // Who may edit depends on whether the article is already live (>= 4)
    // and on whether the editor is its author.
    if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }
    // Optimistic lock: the form carries the LastMod it was rendered from, so
    // a save over someone else's newer edit is refused.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);
        return;
    }
    $incoming = textile_main_fields($incoming, $use_textile);
    // Slash every posted field for the string-built UPDATE; the columns that
    // are interpolated unquoted are re-read as integers.
    extract(doSlash($incoming));
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
    $Annotate = (int) $Annotate;
    // Without article.publish a live status (4) is demoted to pending (3).
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }
    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        // NOTE(review): the date parts are handed to strtotime() unchecked; a
        // false result would be interpolated as an empty value — confirm
        // upstream validation, or see the later revision's is_numeric() guard.
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }
    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        // Missing expiry parts default to the start of the year/day.
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }
    // An expiry at or before the post date aborts the save.
    if ($expires) {
        if ($expires <= $when_ts) {
            article_edit(gTxt('article_expires_before_postdate'));
            return;
        }
    }
    //Auto-Update custom-titles according to Title, as long as unpublished and NOT customized
    if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }
    // Keywords are re-read raw, normalised to a single comma-separated list
    // (runs of whitespace/newlines/commas collapse to one comma) and slashed.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    // NOTE(review): $txp_user is interpolated without doSlash() here; the
    // later revision escapes it first — confirm usernames are restricted to
    // safe characters.
    safe_update("textpattern", "Title           = '{$Title}',\n\t\t\tBody            = '{$Body}',\n\t\t\tBody_html       = '{$Body_html}',\n\t\t\tExcerpt         = '{$Excerpt}',\n\t\t\tExcerpt_html    = '{$Excerpt_html}',\n\t\t\tKeywords        = '{$Keywords}',\n\t\t\tImage           = '{$Image}',\n\t\t\tStatus          =  {$Status},\n\t\t\tLastMod         =  now(),\n\t\t\tLastModID       = '{$txp_user}',\n\t\t\tSection         = '{$Section}',\n\t\t\tCategory1       = '{$Category1}',\n\t\t\tCategory2       = '{$Category2}',\n\t\t\tAnnotate        =  {$Annotate},\n\t\t\ttextile_body    =  {$textile_body},\n\t\t\ttextile_excerpt =  {$textile_excerpt},\n\t\t\toverride_form   = '{$override_form}',\n\t\t\turl_title       = '{$url_title}',\n\t\t\tAnnotateInvite  = '{$AnnotateInvite}',\n\t\t\tcustom_1        = '{$custom_1}',\n\t\t\tcustom_2        = '{$custom_2}',\n\t\t\tcustom_3        = '{$custom_3}',\n\t\t\tcustom_4        = '{$custom_4}',\n\t\t\tcustom_5        = '{$custom_5}',\n\t\t\tcustom_6        = '{$custom_6}',\n\t\t\tcustom_7        = '{$custom_7}',\n\t\t\tcustom_8        = '{$custom_8}',\n\t\t\tcustom_9        = '{$custom_9}',\n\t\t\tcustom_10       = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}", "ID = {$ID}");
    // Pings only on the first transition to live; lastmod on every live save.
    if ($Status >= 4) {
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }
        update_lastmod();
    }
    article_edit(get_status_message($Status) . check_url_title($url_title));
}
/**
 * Stores a visitor comment posted to the public site.
 *
 * Checks that comments are open on the parent article and that the required
 * fields are present (each failure exits with a message), then sanitises the
 * identity fields, and only inserts when the client IP is not banned or
 * blacklisted, the comment is not a duplicate and the form nonce is valid.
 * After a successful insert the nonce is marked used, optional notification
 * mail is sent and the browser is redirected back to the article.
 */
function saveComment()
{
    global $siteurl, $comments_moderate, $comments_sendmail, $txpcfg, $comments_disallow_images, $prefs;
    // Not used below (and the header name is HTTP_REFERER) — left as-is.
    $ref = serverset('HTTP_REFERRER');
    $in = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'nonce', 'remember'));
    extract($in);
    if (!checkCommentsAllowed($parentid)) {
        exit(graf(gTxt('comments_closed')));
    }
    if ($prefs['comments_require_name']) {
        if (!trim($name)) {
            exit(graf(gTxt('comment_name_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if ($prefs['comments_require_email']) {
        if (!trim($email)) {
            exit(graf(gTxt('comment_email_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
        }
    }
    if (!trim($message)) {
        exit(graf(gTxt('comment_required')) . graf('<a href="" onClick="history.go(-1)">' . gTxt('back') . '</a>'));
    }
    $ip = serverset('REMOTE_ADDR');
    $message = trim($message);
    $blacklisted = is_blacklisted($ip);
    // Identity fields: entities/brackets decoded, tags stripped, URL-cleaned, then slashed.
    $name = doSlash(strip_tags(deEntBrackets($name)));
    $web = doSlash(clean_url(strip_tags(deEntBrackets($web))));
    $email = doSlash(clean_url(strip_tags(deEntBrackets($email))));
    // The raw $message is kept for the notification mail; the marked-up,
    // slashed copy is what goes into the database.
    $message2db = doSlash(markup_comment($message));
    $isdup = safe_row("message,name", "txp_discuss", "name='{$name}' and message='{$message2db}' and ip='{$ip}'");
    if (checkBan($ip)) {
        if ($blacklisted == false) {
            if (!$isdup) {
                if (checkNonce($nonce)) {
                    // Moderated sites store new comments hidden until approved.
                    $visible = $comments_moderate ? 0 : 1;
                    // NOTE(review): $parentid and (below) $nonce are interpolated
                    // without doSlash() or an int cast; this relies on
                    // checkCommentsAllowed()/checkNonce() rejecting anything
                    // that is not a valid id/nonce — confirm, or cast $parentid to int.
                    $rs = safe_insert("txp_discuss", "parentid  = '{$parentid}',\n\t\t\t\t\t\t\t name\t\t  = '{$name}',\n\t\t\t\t\t\t\t email\t  = '{$email}',\n\t\t\t\t\t\t\t web\t\t  = '{$web}',\n\t\t\t\t\t\t\t ip\t\t  = '{$ip}',\n\t\t\t\t\t\t\t message   = '{$message2db}',\n\t\t\t\t\t\t\t visible   = {$visible},\n\t\t\t\t\t\t\t posted\t  = now()");
                    if ($rs) {
                        // A nonce is single-use.
                        safe_update("txp_discuss_nonce", "used='1'", "nonce='{$nonce}'");
                        if ($prefs['comment_means_site_updated']) {
                            safe_update("txp_prefs", "val=now()", "name='lastmod'");
                        }
                        if ($comments_sendmail) {
                            mail_comment($message, $name, $email, $web, $parentid);
                        }
                        $updated = update_comments_count($parentid);
                        ob_start();
                        // The return URL comes from the form: it is length-capped
                        // and cut at the first newline/CR/fragment, but its host
                        // is not checked against the site, so it can redirect
                        // off-site (open redirect) — worth restricting to $siteurl.
                        $backpage = substr($backpage, 0, $prefs['max_url_len']);
                        $backpage = preg_replace("/[\n\r#].*\$/s", '', $backpage);
                        $backpage .= (strstr($backpage, '?') ? '&' : '?') . 'commented=1';
                        if ($comments_moderate) {
                            header('Location: ' . $backpage . '#txpCommentInputForm');
                        } else {
                            // Anchor to the new comment; ids are zero-padded to six digits.
                            header('Location: ' . $backpage . '#c' . sprintf("%06s", $rs));
                        }
                    }
                }
                // end check nonce
            }
            // end check dup
        } else {
            exit(gTxt('your_ip_is_blacklisted_by' . ' ' . $blacklisted));
        }
        // end check blacklist
    } else {
        exit(gTxt('you_have_been_banned'));
    }
    // end check site ban
}
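/**
 * Creates the initial database schema and the first (admin) user.
 *
 * Runs from the setup wizard: validates the posted e-mail, loads the DB
 * settings from config.php, creates the tables via setup/txpsql.php and then
 * writes the admin account plus the siteurl/language/locale preferences.
 * Output is the completion page rendered by fbCreate().
 *
 * Fixes: the site URL now has a leading http:// or https:// scheme removed
 * (only a literal "http://" was stripped before, so an https:// URL was
 * stored with its scheme). The account nonce uses random_bytes() when the
 * runtime provides it; the uniqid()/rand() form is kept only as a fallback
 * and yields the same 32-hex-char shape.
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));
    if (!is_valid_email(ps('email'))) {
        exit(graf(gTxt('email_required')));
    }
    require txpath . '/config.php';
    // These locals are not used directly in this function; they are presumably
    // read by the included setup/txpsql.php, which shares this scope — keep them.
    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];
    // The stored siteurl is a bare host[/path]; callers prepend the scheme.
    $siteurl = preg_replace('#^https?://#i', '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");
    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);
    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';
    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));
    $nonce = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(rand(), true));
    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");
    echo fbCreate();
}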
/**
 * Processes multi-edit actions.
 *
 * Applies one bulk change (delete, page, stylesheet, front-page, syndication
 * or searchable flag) to every selected section that actually exists, then
 * re-renders the section list. Page and stylesheet values are accepted only
 * when they name a known template; the flag values are cast to int before
 * use. With nothing selected or no applicable change, the list is simply
 * re-rendered.
 */
function section_multi_edit()
{
    global $txp_user, $all_pages, $all_styles;
    extract(psa(array('edit_method', 'selected')));
    if (!$selected || !is_array($selected)) {
        return sec_section_list();
    }
    if ($edit_method == 'delete') {
        return section_delete();
    }
    // $column/$value describe the single assignment to apply; an empty
    // $column means the request carried nothing usable.
    $column = '';
    $value = '';
    if ($edit_method == 'changepage') {
        $value = ps('uses_page');
        if (in_array($value, $all_pages, true)) {
            $column = 'page';
        }
    } elseif ($edit_method == 'changecss') {
        $value = ps('css');
        if (in_array($value, $all_styles, true)) {
            $column = 'css';
        }
    } elseif ($edit_method == 'changeonfrontpage') {
        $column = 'on_frontpage';
        $value = (int) ps('on_frontpage');
    } elseif ($edit_method == 'changesyndicate') {
        $column = 'in_rss';
        $value = (int) ps('in_rss');
    } elseif ($edit_method == 'changesearchable') {
        $column = 'searchable';
        $value = (int) ps('searchable');
    }
    // Only names that exist in the table are touched.
    $existing = safe_column('name', 'txp_section', "name in (" . join(',', quote_list($selected)) . ")");
    if ($column && $existing) {
        $targets = "name in (" . join(',', quote_list($existing)) . ")";
        if (safe_update('txp_section', "{$column} = '" . doSlash($value) . "'", $targets)) {
            sec_section_list(gTxt('section_updated', array('{name}' => join(', ', $existing))));
            return;
        }
    }
    sec_section_list();
}